Podcast | Dracore CEO Chantelle Fraser on SA's big data leak - TechCentral

Podcast | Dracore CEO Chantelle Fraser on SA’s big data leak

Dracore CEO Chantelle Fraser

In this special edition of the TechCentral podcast, Duncan McLeod sits down with Dracore Data Sciences CEO Chantelle Fraser to talk about the massive data leak exposed this week involving more than 60m South Africa citizens.

In the podcast, Fraser explains the timeline of events, how Dracore’s name was dragged into the story and why she’s filing papers in the high court later on Friday against the publisher of iAfrikan, a website that wrote an article speculating about whether her company may have been involved in the leak.

Australian information security professional Troy Hunt first revealed on Tuesday that the records of more than 30m South Africans had been leaked online — he later revised this number to more than 60m, including millions of records of deceased people.

Subsequent investigations have traced the leak to a site owned by Pretoria-based real estate company Jigsaw Holdings.

In the podcast, Fraser explains what exactly it is that Dracore Data Sciences does and why the company was not responsible for the leak.

She talks about how a team from the National Credit Regulator visited Dracore’s offices on Thursday afternoon to interrogate both her and her staff on the leak and has refuted speculation that the offices were, in fact, raided by the police and the National Prosecuting Authority.

Fraser explains the rules governing data protection in South Africa, why the Promotion of Personal Information Act is so important and how South Africans can and should seek to protect themselves in light of this week’s’ news. She also explains Dracore’s previous relationship with Jigsaw Holdings.

How to subscribe to TechCentral’s podcasts

There are many ways to enjoy TechCentral’s podcasts, beyond simply streaming them from our website. A good way is by subscribing to them using an app on your phone, allowing you to listen in the car, at the gym or wherever you happen to be.

The TechCentral Podcast RSS feed is available via iono.fm. Note that this is a separate feed to the weekly TalkCentral podcast, the RSS for which is available here. If you’d like both podcasts in one RSS feed, that’s here.

Use the RSS feeds to subscribe to either podcast (or both podcasts) in your favourite reader (we recommend Pocket Casts for Android, iOS and Windows Phone — look for “TechCentral” in its search engine to find both shows).

We are also available through iTunes. Simply open the iTunes app on your iPhone and search for “TechCentral” to find the two podcasts.  — (c) 2017 NewsCentral Media

  • Karel Venter

    Please explain why “official” census nrs put our population at ~55mil whilst this database has info on 59mil (66mil with deceased) people which also EXCLUDES any person under 18 years of age? Someone’s info is wrong…is it Jigsaw’s Dbase, or can it be that our Government census data is skewed?

  • Greg Mahlknecht

    Great interview. A few points

    – Chantelle says she hasn’t seen the data, which she seems to think is a good thing, but it’s an AWFUL thing – Privacy aside, from a purely business point of view surely she’d be interested to know how much of her data has leaked, and to confirm conclusively that it’s actually her data.

    Dracore accuses Tefo on not doing due diligence to connect the dots, but Dracore hasn’t either, or if they have, aren’t disclosing that information. They skirt around the issue of them being the source of the data, but never outright deny it, that I can see. It doesn’t REALLY matter, but it does come across as a bit slimy they way it’s been handled.

    I also find it amusing that Dracore used the same “Is Dracore Data Sciences Responsible For South Africa’s Largest Ever Data Leak?” headline in their blog post, that they’re suing Tefo over to get taken down 🙂

    – Her justifications for why collect this data was as weak as whenever any company gets queried in cases like this.. Citing hypothetical fringe cases “let’s collect tons of personal info so we can buy the right carpet”. Give me a break. There are good reasons to collect personal information, if you run a business that does that, you should have some good uses cases ready to spit out.

    – Although I don’t believe that Tefo really did anything wrong, I think he’s a massive dumbass for not complying with Dracore’s simple requests. His click-baitey headline should really be changed, it is indeed inflammatory. And an apology would cost him nothing. There are a number of facts in his article that we know now not to be true, a 5 minute calrification would help.

    – The form to check what info Dracore has on you is here http://www.dracore.co.za/images/Docs/Consumer_Information_Challenge_Request.pdf

  • Agree with your comments. Tefo had a go at me on Twitter after I said that the reporting was irresponsible and the term “breach” should have never been used – https://twitter.com/gerdnaschenweng/status/920995299597877249

    While I initially respected their reporting, it became very quickly evident, that the reporting was rushed and the accusations ill-placed. It should have been done in a more coordinated fashion: https://www.naschenweng.info/2017/10/19/what-should-have-happened-master-deeds-leak/

    As much as a I disagree with the collection of PII, under current legislation this is completely legal AFAIK (similarly, as much as one might dislike loan-sharks or debt-collectors, those are professions which are legally allowed to operate). It is questionable how those 12m records of children landed up in the leak.

    Based on today’s news about the 12m records of data on minors, I do hope that news media will follow up. Till Duncan’s interview Dracore had no real right of reply and I do agree that their blog post is very unprofessional.

  • It is confirmed that the leak contained 12m records of children – https://www.naschenweng.info/2017/10/20/master-deeds-data-leak-contains-information-children/

  • Karel Venter

    Understood, but that still puts the 59mil nr quite a bit higher than our ~55mil census data

  • Vince-0

    1. Troy doesn’t work for Microsoft.
    2. Dracore outright denies it’s their database file or open web server, Chantelle says so multiple times in this interview.
    3. Dracore was already investigated by authorities, why would they investigate the compromised data as well?
    4. Where would Dracore get this data to investigate in a legitimate way?
    5. Tefo did some terrible journalistic “sleuthing” by connecting whois records to companies and landed up with a nice question mark as a headline which looks a lot like unfounded accusations.

    Did I miss anything Internet comments people?
    *waits for the infosec experts to come out the cracks.